diff options
| author |  netblue30 <netblue30@protonmail.com> | 2023-02-05 20:48:48 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@protonmail.com> | 2023-02-05 20:48:48 -0500 |
| commit | 0f996ea4de584dc061faf21853d61a600da1a1d8 (patch) | |
| tree | 8eeacae358f31bc4230acdc231e767dcf0c0c96b /src | |
| parent | private-etc: big profile changes (diff) | |
| download | firejail-0f996ea4de584dc061faf21853d61a600da1a1d8.tar.gz firejail-0f996ea4de584dc061faf21853d61a600da1a1d8.tar.zst firejail-0f996ea4de584dc061faf21853d61a600da1a1d8.zip | |
private-etc: groups modified
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/etc_groups.h | 2 | ||||
| -rw-r--r-- | src/tools/cleanup_etc.c | 66 |
2 files changed, 50 insertions, 18 deletions
diff --git a/src/include/etc_groups.h b/src/include/etc_groups.h index e3f8bcc7e..fffc5f9b9 100644 --- a/src/include/etc_groups.h +++ b/src/include/etc_groups.h | |||
| @@ -39,6 +39,7 @@ static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer | |||
| 39 | "login.defs", // firejail reading UID/GID MIN and MAX at startup | 39 | "login.defs", // firejail reading UID/GID MIN and MAX at startup |
| 40 | "nsswitch.conf", | 40 | "nsswitch.conf", |
| 41 | "passwd", | 41 | "passwd", |
| 42 | "selinux", | ||
| 42 | NULL | 43 | NULL |
| 43 | }; | 44 | }; |
| 44 | 45 | ||
| @@ -89,6 +90,7 @@ static char *etc_group_x11[] = { | |||
| 89 | "kde5rc", | 90 | "kde5rc", |
| 90 | "nvidia", // 3D | 91 | "nvidia", // 3D |
| 91 | "pango", // text rendering/internationalization | 92 | "pango", // text rendering/internationalization |
| 93 | "Trolltech.conf", // old QT config file | ||
| 92 | "X11", | 94 | "X11", |
| 93 | "xdg", | 95 | "xdg", |
| 94 | NULL | 96 | NULL |
diff --git a/src/tools/cleanup_etc.c b/src/tools/cleanup_etc.c index 3b368b116..f57a1ddb1 100644 --- a/src/tools/cleanup_etc.c +++ b/src/tools/cleanup_etc.c | |||
| @@ -38,6 +38,8 @@ static int arr_x11 = 0; | |||
| 38 | static int arr_games = 0; | 38 | static int arr_games = 0; |
| 39 | static char outbuf[256 * 1024]; | 39 | static char outbuf[256 * 1024]; |
| 40 | static char *outptr; | 40 | static char *outptr; |
| 41 | static int arg_replace = 0; | ||
| 42 | static int arg_debug = 0; | ||
| 41 | 43 | ||
| 42 | void outprintf(char* fmt, ...) { | 44 | void outprintf(char* fmt, ...) { |
| 43 | va_list args; | 45 | va_list args; |
| @@ -78,6 +80,17 @@ static void arr_add(const char *fname) { | |||
| 78 | arr_cnt++; | 80 | arr_cnt++; |
| 79 | } | 81 | } |
| 80 | 82 | ||
| 83 | int arr_cmp(const void *p1, const void *p2) { | ||
| 84 | char **ptr1 = (char **) p1; | ||
| 85 | char **ptr2 = (char **) p2; | ||
| 86 | |||
| 87 | return strcmp(*ptr1, *ptr2); | ||
| 88 | } | ||
| 89 | |||
| 90 | static void arr_sort(void) { | ||
| 91 | qsort(&arr[0], arr_cnt, sizeof(char *), arr_cmp); | ||
| 92 | } | ||
| 93 | |||
| 81 | static void arr_clean(void) { | 94 | static void arr_clean(void) { |
| 82 | int i; | 95 | int i; |
| 83 | for (i = 0; i < arr_cnt; i++) { | 96 | for (i = 0; i < arr_cnt; i++) { |
| @@ -119,7 +132,7 @@ static void process_file(const char *fname) { | |||
| 119 | 132 | ||
| 120 | FILE *fp = fopen(fname, "r"); | 133 | FILE *fp = fopen(fname, "r"); |
| 121 | if (!fp) { | 134 | if (!fp) { |
| 122 | fprintf(stderr, "Error: cannot open profile file\n"); | 135 | fprintf(stderr, "Error: cannot open %s file\n", fname); |
| 123 | exit(1); | 136 | exit(1); |
| 124 | } | 137 | } |
| 125 | 138 | ||
| @@ -133,10 +146,11 @@ static void process_file(const char *fname) { | |||
| 133 | int print = 0; | 146 | int print = 0; |
| 134 | while (fgets(line, MAX_BUF, fp)) { | 147 | while (fgets(line, MAX_BUF, fp)) { |
| 135 | cnt++; | 148 | cnt++; |
| 136 | if (strncmp(line, "private-etc ", 12) != 0) { | 149 | if (strncmp(line, "private-etc", 11) != 0) { |
| 137 | outprintf("%s", line); | 150 | outprintf("%s", line); |
| 138 | continue; | 151 | continue; |
| 139 | } | 152 | } |
| 153 | |||
| 140 | strcpy(orig_line,line); | 154 | strcpy(orig_line,line); |
| 141 | char *ptr = strchr(line, '\n'); | 155 | char *ptr = strchr(line, '\n'); |
| 142 | if (ptr) | 156 | if (ptr) |
| @@ -158,6 +172,8 @@ static void process_file(const char *fname) { | |||
| 158 | 172 | ||
| 159 | ptr = strtok(ptr, ","); | 173 | ptr = strtok(ptr, ","); |
| 160 | while (ptr) { | 174 | while (ptr) { |
| 175 | if (arg_debug) | ||
| 176 | printf("%s\n", ptr); | ||
| 161 | if (arr_check(ptr, &etc_list[0])); | 177 | if (arr_check(ptr, &etc_list[0])); |
| 162 | else if (arr_check(ptr, &etc_group_sound[0])); | 178 | else if (arr_check(ptr, &etc_group_sound[0])); |
| 163 | else if (arr_check(ptr, &etc_group_network[0])); | 179 | else if (arr_check(ptr, &etc_group_network[0])); |
| @@ -179,34 +195,36 @@ static void process_file(const char *fname) { | |||
| 179 | ptr = strtok(NULL, ","); | 195 | ptr = strtok(NULL, ","); |
| 180 | } | 196 | } |
| 181 | 197 | ||
| 198 | arr_sort(); | ||
| 182 | char *last_line = arr_print(); | 199 | char *last_line = arr_print(); |
| 183 | if (strcmp(last_line, orig_line) == 0) { | 200 | if (strcmp(last_line, orig_line) == 0) { |
| 184 | fclose(fp); | 201 | fclose(fp); |
| 185 | return; | 202 | return; |
| 186 | } | 203 | } |
| 187 | printf("\n********************\n%s\n\n%s\n%s\n", fname, orig_line, last_line); | 204 | printf("\n********************\nfile: %s\n\nold: %s\nnew: %s\n", fname, orig_line, last_line); |
| 188 | print = 1; | 205 | print = 1; |
| 189 | } | 206 | } |
| 190 | 207 | ||
| 191 | fclose(fp); | 208 | fclose(fp); |
| 192 | 209 | ||
| 193 | if (print) { | 210 | if (print && arg_replace) { |
| 194 | // printf("Replace? (Y/N): ", fname); | 211 | fp = fopen(fname, "w"); |
| 195 | // fgets(line, MAX_BUF, stdin); | 212 | if (!fp) { |
| 196 | // if (*line == 'y' || *line == 'Y') { | 213 | fprintf(stderr, "Error: cannot open profile file\n"); |
| 197 | fp = fopen(fname, "w"); | 214 | exit(1); |
| 198 | if (!fp) { | 215 | } |
| 199 | fprintf(stderr, "Error: cannot open profile file\n"); | 216 | fprintf(fp, "%s", outbuf); |
| 200 | exit(1); | 217 | fclose(fp); |
| 201 | } | ||
| 202 | fprintf(fp, "%s", outbuf); | ||
| 203 | fclose(fp); | ||
| 204 | // } | ||
| 205 | } | 218 | } |
| 206 | } | 219 | } |
| 207 | 220 | ||
| 208 | static void usage(void) { | 221 | static void usage(void) { |
| 209 | printf("usage: cleanup-etc file.profile\n"); | 222 | printf("usage: cleanup-etc [options] file.profile [file.profile]\n"); |
| 223 | printf("Group and clean private-etc entries in one or more profile files.\n"); | ||
| 224 | printf("Options:\n"); | ||
| 225 | printf(" --debug - print debug messages\n"); | ||
| 226 | printf(" --help - this help screen\n"); | ||
| 227 | printf(" --replace - replace profile file\n"); | ||
| 210 | } | 228 | } |
| 211 | 229 | ||
| 212 | int main(int argc, char **argv) { | 230 | int main(int argc, char **argv) { |
| @@ -218,13 +236,25 @@ int main(int argc, char **argv) { | |||
| 218 | 236 | ||
| 219 | int i; | 237 | int i; |
| 220 | for (i = 1; i < argc; i++) { | 238 | for (i = 1; i < argc; i++) { |
| 221 | if (strcmp(argv[i], "-h") == 0) { | 239 | if (strcmp(argv[i], "-h") == 0 || |
| 240 | strcmp(argv[i], "-?") == 0 || | ||
| 241 | strcmp(argv[i], "--help") == 0) { | ||
| 222 | usage(); | 242 | usage(); |
| 223 | return 0; | 243 | return 0; |
| 224 | } | 244 | } |
| 245 | else if (strcmp(argv[i], "--debug") == 0) | ||
| 246 | arg_debug = 1; | ||
| 247 | else if (strcmp(argv[i], "--replace") == 0) | ||
| 248 | arg_replace = 1; | ||
| 249 | else if (*argv[i] == '-') { | ||
| 250 | fprintf(stderr, "Error: invalid program option %s\n", argv[i]); | ||
| 251 | return 1; | ||
| 252 | } | ||
| 253 | else | ||
| 254 | break; | ||
| 225 | } | 255 | } |
| 226 | 256 | ||
| 227 | for (i = 1; i < argc; i++) | 257 | for (; i < argc; i++) |
| 228 | process_file(argv[i]); | 258 | process_file(argv[i]); |
| 229 | 259 | ||
| 230 | return 0; | 260 | return 0; |